Abstract or description

Although the importance of privacy is well-acknowledged for sensitive data, a significant research effort is still needed to develop robust privacy protection solutions for Wireless Sensor Networks (WSNs) used in the context of healthcare. The focus of this doctoral research is to investigate privacy-preserving mechanisms for Wireless Multimedia Sensor Networks (WMSNs) for use in healthcare, to ensure privacy-aware transmission (from sensors to the base station) of multimedia data captured for healthcare.

Towards achieving the goal stated above, the following research questions are addressed in this thesis: (i) What are the significant privacy threats in a WMSN used in the healthcare domain? (ii) What countermeasures can be deployed to stop privacy attacks that realize these threats? (iii) What is the impact, on the WMSN, of the deployment of the privacy countermeasures, with regards to the enhancement of privacy and to the associated computation, communication and storage overheads?

A threat analysis, conducted in the research reported herein, revealed that linkability, identifiability and location disclosure are significant privacy threats for WMSNs in healthcare. Consequently, privacy countermeasures and the corresponding mechanisms to achieve unlinkability, anonymity / pseudonymity and location privacy are required in a privacy-aware WMSN for healthcare. The AntSensNet routing protocol (Cobo et al., 2010) for WMSNs was adapted in the work reported in this thesis, by adding to it privacy-preserving mechanisms, towards achieving unlinkability, anonymity / pseudonymity and location privacy. The standard AntSensNet routing protocol is vulnerable to privacy threats. Consequently, the following countermeasures were investigated in this thesis: (i) size correlation and encryption of scalar and multimedia data transmitted through a WMSN, and size correlation and encryption of ants, to achieve unlinkability and location privacy; (ii) fake traffic injection, to achieve anonymity, source location and base station location privacy, as well as unlinkability; (iii) pseudonyms, to achieve unlinkability.

To assess the impact of the introduction of the above privacy countermeasures, a quantitative performance analysis was conducted (using the NS2 simulator and a theoretical analysis) to gauge the computation overhead (number of extra operations), communication overhead (number of extra network messages) and storage overhead (number of extra encryption keys) of the privacy countermeasures which were added to the AntSensNet protocol deployed within a WMSN. The performance analysis results show that the message and memory overheads due to the added privacy countermeasures increase mostly linearly as the number of scalar and multimedia sensors, and the resulting traffic, increase in the network.

Furthermore, a WMSN (with sensors having specifications similar to healthcare sensors, but not deploying the privacy-aware AntSensNet protocol) was simulated using the NS2 simulator, to study the effect of the introduction of fake traffic, towards achieving unlinkability, anonymity and location privacy. Entropy and anonymity set size were adopted to quantify the change in the level of privacy (anonymity, unlinkability and location privacy) as the number of fake sources and the volume of fake traffic increase. The results show that the level of privacy enhancement increases with the number of fake sources and volume of fake traffic, but at the expense of an increased delay in the data delivery and an increased level of multimedia jitter (as a result of the consumption of the available bandwidth by fake traffic). This delay and jitter might not be acceptable in critical situations where rapid medical action is required, such as for a patient who has suffered a stroke or a patient (remotely monitored by cameras) who has fallen and broken a bone.

The novel contributions to knowledge which have arisen from this doctoral research are: (i) the elicitation of privacy threats, through a threat analysis methodology named LINDDUN (Wuyts et al., 2014), applied to WMSNs for healthcare, to identify significant threats and hence the privacy enhancement mechanisms required by a privacy-aware WMSN; (ii) the enhancement of the AntSensNet routing protocol for WMSNs, to make it privacy-aware; (iii) the findings from the assessment of the privacy-awareness resulting from the deployed privacy-enhancing countermeasures and findings from the assessment of their associated computation, communication and storage overheads.
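
The two privacy metrics named above, entropy and anonymity set size, can be computed as in the following added example, which is not code from the thesis. It assumes an observer who weights each transmitting node by its packet count in one observation window; the function names, that observer model and the packet counts are all constructed for illustration.

```python
import math

def source_posterior(real_pkts, fake_pkts):
    """Observer's belief over candidate sources.

    Assumption (not from the thesis): belief is proportional to the number
    of packets each node was seen sending; silent nodes are excluded.
    """
    counts = [c for c in [real_pkts, *fake_pkts] if c > 0]
    total = sum(counts)
    return [c / total for c in counts]

def anonymity_set_size(posterior):
    """Number of nodes the observer cannot rule out as the real source."""
    return len(posterior)

def entropy_bits(posterior):
    """Shannon entropy of the belief, in bits (0 means no uncertainty)."""
    return -sum(p * math.log2(p) for p in posterior)

def privacy_level(real_pkts, fake_pkts):
    """Return (anonymity set size, entropy in bits) for one window."""
    post = source_posterior(real_pkts, fake_pkts)
    return anonymity_set_size(post), entropy_bits(post)

def sweep(real_pkts, fake_rate, max_fakes):
    """Privacy level as fake sources, each sending fake_rate packets, are added."""
    return [(k, *privacy_level(real_pkts, [fake_rate] * k))
            for k in range(max_fakes + 1)]

if __name__ == "__main__":
    REAL = 100  # constructed: packets sent by the real sensor in the window
    for fake_rate in (10, 100):  # low-volume versus matched-volume fake traffic
        print(f"fake sources send {fake_rate} packets each")
        for k, size, h in sweep(REAL, fake_rate, 7):
            ceiling = math.log2(size)  # entropy if all candidates looked alike
            print(f"  fakes={k}  set size={size}  entropy={h:.3f} bits"
                  f"  (ceiling {ceiling:.3f})")
```

Under this assumed observer, low-volume fake sources enlarge the anonymity set while entropy stays well below its ceiling, so set size alone overstates the protection; entropy reaches the ceiling only when fake traffic matches the real source's volume, which is where the bandwidth cost is highest.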